From c16856f8abfcd2509ce592ca7a42d90fc3ea87a7 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Fri, 2 Sep 2022 00:22:16 +0100
Subject: [PATCH] treewide: add my.ip.tailscale6
---
 ops/nixos/blade-janeway/default.nix | 1 +
 ops/nixos/blade-paris/default.nix | 1 +
 ops/nixos/blade-torres/default.nix | 1 +
 ops/nixos/blade-tuvok/default.nix | 1 +
 ops/nixos/bvm-heptapod/default.nix | 1 +
 ops/nixos/bvm-ipfs/default.nix | 4 +++-
 ops/nixos/bvm-logger/default.nix | 1 +
 ops/nixos/bvm-matrix/default.nix | 1 +
 ops/nixos/bvm-netbox/default.nix | 1 +
 ops/nixos/bvm-nixosmgmt/default.nix | 1 +
 ops/nixos/bvm-paperless/default.nix | 3 ++-
 ops/nixos/bvm-prosody/default.nix | 1 +
 ops/nixos/bvm-radius/default.nix | 1 +
 ops/nixos/bvm-twitterchiver/default.nix | 1 +
 ops/nixos/clouvider-fra01/default.nix | 10 ++++++++++
 ops/nixos/clouvider-lon01/default.nix | 2 ++
 ops/nixos/frantech-las01/default.nix | 1 +
 ops/nixos/frantech-lux01/default.nix | 1 +
 ops/nixos/frantech-nyc01/default.nix | 1 +
 ops/nixos/lib/common.nix | 10 +++++++---
 ops/nixos/oracle-lon01/default.nix | 1 +
 ops/nixos/porcorosso/default.nix | 1 +
 ops/nixos/swann/default.nix | 1 +
 ops/nixos/totoro/default.nix | 1 +
 24 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/ops/nixos/blade-janeway/default.nix b/ops/nixos/blade-janeway/default.nix
index 6a4c1a2ce6..4b503ef925 100644
--- a/ops/nixos/blade-janeway/default.nix
+++ b/ops/nixos/blade-janeway/default.nix
@@ -18,6 +18,7 @@ in { hostId = "3a62390f"; }; my.ip.tailscale = "100.121.116.85";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6279:7455";
 my.blade.bay = 3; my.blade.macAddress = { internal = "e8:39:35:1f:7f:8a";
diff --git a/ops/nixos/blade-paris/default.nix b/ops/nixos/blade-paris/default.nix
index c2843ffdc7..fbfce4e5cd 100644
--- a/ops/nixos/blade-paris/default.nix
+++ b/ops/nixos/blade-paris/default.nix
@@ -19,6 +19,7 @@ in { hostId = "41b2a198"; }; my.ip.tailscale = "100.117.185.118";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6275:b976";
 my.blade.bay = 2; my.blade.macAddress = { internal = "e4:11:5b:ac:e4:8a";
diff --git a/ops/nixos/blade-torres/default.nix b/ops/nixos/blade-torres/default.nix
index c35cfb0648..7797b97e1d 100644
--- a/ops/nixos/blade-torres/default.nix
+++ b/ops/nixos/blade-torres/default.nix
@@ -25,6 +25,7 @@ in { }; }; my.ip.tailscale = "100.92.118.36";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:625c:7624";
 my.blade.bay = 8; my.blade.macAddress = { internal = "e4:11:5b:ac:e3:cc";
diff --git a/ops/nixos/blade-tuvok/default.nix b/ops/nixos/blade-tuvok/default.nix
index da5db4d0dc..08794f0915 100644
--- a/ops/nixos/blade-tuvok/default.nix
+++ b/ops/nixos/blade-tuvok/default.nix
@@ -48,6 +48,7 @@ in { ''; }; my.ip.tailscale = "100.119.123.33";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6277:7b21";
 my.blade.bay = 6; my.blade.macAddress = { internal = "e4:11:5b:ac:e3:fe";
diff --git a/ops/nixos/bvm-heptapod/default.nix b/ops/nixos/bvm-heptapod/default.nix
index ac807efc9e..d1363b9c06 100644
--- a/ops/nixos/bvm-heptapod/default.nix
+++ b/ops/nixos/bvm-heptapod/default.nix
@@ -43,6 +43,7 @@ in { }; }; my.ip.tailscale = "100.94.23.105";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:625e:1769";
 services.openssh.ports = [ 20022 ]; my.deploy.args = "-p 20022";
diff --git a/ops/nixos/bvm-ipfs/default.nix b/ops/nixos/bvm-ipfs/default.nix
index 959783b38a..13ec43e2da 100644
--- a/ops/nixos/bvm-ipfs/default.nix
+++ b/ops/nixos/bvm-ipfs/default.nix
@@ -33,6 +33,7 @@ ]; }; my.ip.tailscale = "100.73.206.41";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6249:ce29";
 services.ipfs = { enable = true;
@@ -41,7 +42,8 @@ Experimental.FilestoreEnabled = true; Addresses = let internalv4 = ["127.0.0.1" "10.100.0.203" config.my.ip.tailscale];
- internal = map (a: "/ip4/${a}") internalv4;
+ internalv6 = ["::1" config.my.ip.tailscale6];
+ internal = (map (a: "/ip4/${a}") internalv4) ++ (map (a: "/ip6/${a}") internalv6);
 externalv4 = internalv4 ++ ["92.118.28.4"]; externalv6 = ["2a09:a441::4"]; external = (map (a: "/ip4/${a}") externalv4) ++ (map (a: "/ip6/${a}") externalv6);
diff --git a/ops/nixos/bvm-logger/default.nix b/ops/nixos/bvm-logger/default.nix
index aefb9104f8..4d936a209d 100644
--- a/ops/nixos/bvm-logger/default.nix
+++ b/ops/nixos/bvm-logger/default.nix
@@ -27,6 +27,7 @@ in { defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; }; }; my.ip.tailscale = "100.68.134.82";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6244:8652";
 services.clickhouse.enable = true; services.clickhouse.package = pkgs.symlinkJoin {
diff --git a/ops/nixos/bvm-matrix/default.nix b/ops/nixos/bvm-matrix/default.nix
index a0e1013aad..990787e561 100644
--- a/ops/nixos/bvm-matrix/default.nix
+++ b/ops/nixos/bvm-matrix/default.nix
@@ -32,6 +32,7 @@ ]; }; my.ip.tailscale = "100.74.197.67";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:624a:c543";
 services.postfix = { enable = true;
diff --git a/ops/nixos/bvm-netbox/default.nix b/ops/nixos/bvm-netbox/default.nix
index 9d8b336b1b..484cf3fd42 100644
--- a/ops/nixos/bvm-netbox/default.nix
+++ b/ops/nixos/bvm-netbox/default.nix
@@ -147,6 +147,7 @@ in { defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; }; }; my.ip.tailscale = "100.81.27.52";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6251:1b34";
 services.postgresql = { enable = true;
diff --git a/ops/nixos/bvm-nixosmgmt/default.nix b/ops/nixos/bvm-nixosmgmt/default.nix
index e72753f99d..b553b5aced 100644
--- a/ops/nixos/bvm-nixosmgmt/default.nix
+++ b/ops/nixos/bvm-nixosmgmt/default.nix
@@ -28,6 +28,7 @@ defaultGateway6 = { address = "2a09:a441::1"; interface = "enp6s0"; }; }; my.ip.tailscale = "100.65.226.19";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6241:e213";
 services.rundeck = { enable = true;
diff --git a/ops/nixos/bvm-paperless/default.nix b/ops/nixos/bvm-paperless/default.nix
index a32623c463..baf5127519 100644
--- a/ops/nixos/bvm-paperless/default.nix
+++ b/ops/nixos/bvm-paperless/default.nix
@@ -20,10 +20,11 @@ in { }; }; my.ip.tailscale = "100.85.236.121";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6255:ec79";
 services.paperless = { enable = true;
- address = config.my.ip.tailscale;
+ address = config.my.ip.tailscale6;
 extraConfig = { PAPERLESS_URL = "https://paperless.int.lukegb.com"; PAPERLESS_ALLOWED_HOSTS = "paperless.int.lukegb.com,bvm-paperless.int.as205479.net:28981,bvm-paperless.int.as205479.net";
diff --git a/ops/nixos/bvm-prosody/default.nix b/ops/nixos/bvm-prosody/default.nix
index b70f1a1827..1f5942fa72 100644
--- a/ops/nixos/bvm-prosody/default.nix
+++ b/ops/nixos/bvm-prosody/default.nix
@@ -27,6 +27,7 @@ firewall.allowedTCPPorts = [ 80 443 3478 5280 5281 5222 5223 5269 5298 ]; }; my.ip.tailscale = "100.86.22.44";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:162c";
 services.coturn = { enable = true;
diff --git a/ops/nixos/bvm-radius/default.nix b/ops/nixos/bvm-radius/default.nix
index 5da38c6f08..e3c25ad7a8 100644
--- a/ops/nixos/bvm-radius/default.nix
+++ b/ops/nixos/bvm-radius/default.nix
@@ -53,6 +53,7 @@ in { }; }; my.ip.tailscale = "100.120.98.116";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6278:6274";
 my.vault.acmeCertificates."as205479.net" = { group = "acme";
diff --git a/ops/nixos/bvm-twitterchiver/default.nix b/ops/nixos/bvm-twitterchiver/default.nix
index 1f172b56ef..f6f3a3a36e 100644
--- a/ops/nixos/bvm-twitterchiver/default.nix
+++ b/ops/nixos/bvm-twitterchiver/default.nix
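Review bot: In ops/nixos/bvm-paperless/default.nix, `address = config.my.ip.tailscale6;` passes a bare IPv6 literal, whereas the other consumers in this patch that attach a port wrap the value in brackets first (the nginx `addr` entries in clouvider-fra01 and `my.scrapeJournal.addr` in lib/common.nix). If the paperless module builds its bind string as address:port, which is not visible here, the unbracketed form is ambiguous and the service may fail to bind; `address = "[${config.my.ip.tailscale6}]";` would be the consistent spelling once checked against the module. The change also removes the IPv4 tailnet listener, so anything that still reaches paperless through `config.my.ip.tailscale` loses access, and a one-line comment saying that this is intended would help the next reader. The `services.paperless` block continues past the end of the hunk.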
@@ -18,6 +18,7 @@ }; }; my.ip.tailscale = "100.119.86.55";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6277:5637";
 services.postgresql = { enable = true;
diff --git a/ops/nixos/clouvider-fra01/default.nix b/ops/nixos/clouvider-fra01/default.nix
index e1d2100257..4cb91a49c2 100644
--- a/ops/nixos/clouvider-fra01/default.nix
+++ b/ops/nixos/clouvider-fra01/default.nix
@@ -18,8 +18,14 @@ let other = _apply lib.id { "content.int.lukegb.com" = { listen = [{
+ addr = "[${config.my.ip.tailscale6}]";
+ port = 80;
+ } {
 addr = config.my.ip.tailscale; port = 80;
+ } {
+ addr = "[${config.my.ip.tailscale6}]";
+ port = 18081;
 } { addr = config.my.ip.tailscale; port = 18081;
@@ -40,6 +46,9 @@ let listen = [{ addr = config.my.ip.tailscale; port = 80;
+ } {
+ addr = "[${config.my.ip.tailscale6}]";
+ port = 80;
 }]; }; in {
@@ -121,6 +130,7 @@ in { ]; }; my.ip.tailscale = "100.75.142.119";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:624b:8e77";
 my.coredns.bind = [ "enp1s0" "tailscale0" "127.0.0.1" "::1" ]; # Define a user account.
diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix
index d195100e40..f0a8be293d 100644
--- a/ops/nixos/clouvider-lon01/default.nix
+++ b/ops/nixos/clouvider-lon01/default.nix
@@ -125,10 +125,12 @@ iptables -A INPUT -p tcp --dport 22 --dst 185.198.188.29 -j ACCEPT iptables -A INPUT -p tcp --dport 22 --dst ${config.my.ip.tailscale} -j ACCEPT ip6tables -A INPUT -p tcp --dport 22 --dst 2a0a:54c0:0:17::2 -j ACCEPT
+ ip6tables -A INPUT -p tcp --dport 22 --dst ${config.my.ip.tailscale6} -j ACCEPT
 ''; }; }; my.ip.tailscale = "100.79.173.25";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:624f:ad19";
 my.coredns.bind = [ "br-ext" "tailscale0" "127.0.0.1" "::1" ]; services.openssh.openFirewall = false; # allowed by networking.firewall.extraCommands
diff --git a/ops/nixos/frantech-las01/default.nix b/ops/nixos/frantech-las01/default.nix
index 18adfa3e7b..7744535a86 100644
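Review bot: In ops/nixos/clouvider-lon01/default.nix, the added `ip6tables ... --dst ${config.my.ip.tailscale6} -j ACCEPT` rule admits SSH by destination address alone, so it does not require the packet to have arrived over the tailnet interface. `my.coredns.bind` in the same hunk names that interface as `tailscale0`, so pinning the rule to it keeps port 22 on the tailnet address from being accepted via `br-ext`: `ip6tables -A INPUT -i tailscale0 -p tcp --dport 22 --dst ${config.my.ip.tailscale6} -j ACCEPT`. The IPv4 rule two lines above has the same shape and could be tightened the same way. The `extraCommands` string starts outside the hunk, so an earlier rule that already filters by interface would not be visible here.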
--- a/ops/nixos/frantech-las01/default.nix
+++ b/ops/nixos/frantech-las01/default.nix
@@ -22,6 +22,7 @@ in { }; }; my.ip.tailscale = "100.127.132.77";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:627f:844d";
 system.stateVersion = "21.05"; }
diff --git a/ops/nixos/frantech-lux01/default.nix b/ops/nixos/frantech-lux01/default.nix
index b92402d4d3..d9d1f6f33a 100644
--- a/ops/nixos/frantech-lux01/default.nix
+++ b/ops/nixos/frantech-lux01/default.nix
@@ -22,6 +22,7 @@ in { }; }; my.ip.tailscale = "100.125.159.57";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:627d:9f39";
 system.stateVersion = "21.05"; }
diff --git a/ops/nixos/frantech-nyc01/default.nix b/ops/nixos/frantech-nyc01/default.nix
index ffc4464a3b..dea34d8194 100644
--- a/ops/nixos/frantech-nyc01/default.nix
+++ b/ops/nixos/frantech-nyc01/default.nix
@@ -20,6 +20,7 @@ }; }; my.ip.tailscale = "100.99.236.25";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6263:ec19";
 system.stateVersion = "21.05"; }
diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix
index 60f7a7f6a2..3054349bd6 100644
--- a/ops/nixos/lib/common.nix
+++ b/ops/nixos/lib/common.nix
@@ -64,6 +64,10 @@ in type = lib.types.nullOr lib.types.str; default = null; };
+ options.my.ip.tailscale6 = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ };
 options.my.deploy.enable = lib.mkOption { type = lib.types.bool;
@@ -80,7 +84,7 @@ in }; options.my.scrapeJournal.addr = lib.mkOption { type = lib.types.nullOr lib.types.str;
- default = if config.my.ip.tailscale == null then null else "${config.my.ip.tailscale}:19531";
+ default = if config.my.ip.tailscale6 == null then if config.my.ip.tailscale == null then null else "${config.my.ip.tailscale}:19531" else "[${config.my.ip.tailscale6}]:19531";
 }; config = {
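Review bot: In ops/nixos/lib/common.nix, the new `options.my.ip.tailscale6` is typed `lib.types.nullOr lib.types.str`, so any string is accepted, yet the value is spliced verbatim into a firewall shell fragment (the `ip6tables` line in clouvider-lon01) and into bracketed listen addresses. A typo, or a value that already carries brackets or a port, would only surface when the generated configuration is activated. Constraining the type, for example `type = lib.types.nullOr (lib.types.strMatching "[0-9a-fA-F:]+");`, rejects such values at evaluation time. A `description` stating that the address is stored without brackets would also document the convention the callers rely on.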
@@ -324,9 +328,9 @@ in services.fwupd.enable = true; # This is enabled independently of my.scrapeJournal.enable.
- services.journald.enableHttpGateway = config.my.ip.tailscale != null;
+ services.journald.enableHttpGateway = config.my.ip.tailscale != null || config.my.ip.tailscale6 != null;
 systemd.sockets.systemd-journal-gatewayd.socketConfig = lib.optionalAttrs (config.my.ip.tailscale != null) {
- ListenStream = [ "" "${config.my.ip.tailscale}:19531" ];
+ ListenStream = [ "" ] ++ (lib.optional (config.my.ip.tailscale != null) "${config.my.ip.tailscale}:19531") ++ (lib.optional (config.my.ip.tailscale6 != null) "[${config.my.ip.tailscale6}:19531");
 FreeBind = true; };
diff --git a/ops/nixos/oracle-lon01/default.nix b/ops/nixos/oracle-lon01/default.nix
index f16c4a2de1..b424d549d9 100644
--- a/ops/nixos/oracle-lon01/default.nix
+++ b/ops/nixos/oracle-lon01/default.nix
@@ -58,6 +58,7 @@ }; }; my.ip.tailscale = "100.93.85.40";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:625d:5528";
 my.systemType = "aarch64-linux"; nix.gc.automatic = false;
diff --git a/ops/nixos/porcorosso/default.nix b/ops/nixos/porcorosso/default.nix
index 5a7d937ce4..cc725e6fbd 100644
--- a/ops/nixos/porcorosso/default.nix
+++ b/ops/nixos/porcorosso/default.nix
@@ -134,6 +134,7 @@ in { wifi.backend = "iwd"; }; my.ip.tailscale = "100.125.26.108";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:627d:1a6c";
 # Set your time zone. time.timeZone = "Europe/London";
diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix
index baa7f0748e..c1a4210098 100644
--- a/ops/nixos/swann/default.nix
+++ b/ops/nixos/swann/default.nix
@@ -369,6 +369,7 @@ in { }; services.mstpd.enable = true; my.ip.tailscale = "100.102.224.95";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6266:e05f";
 services.udev.extraRules = '' ATTR{address}=="e4:3a:6e:16:07:63", DRIVERS=="?*", NAME="en-ee" ATTR{address}=="e4:3a:6e:16:07:64", DRIVERS=="?*", NAME="en-gnet"
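Review bot: In ops/nixos/lib/common.nix (hunk at -324,9), the IPv6 `ListenStream` entry is missing its closing bracket: `"[${config.my.ip.tailscale6}:19531"` should read `"[${config.my.ip.tailscale6}]:19531"`, the form already used for the `my.scrapeJournal.addr` default. As written the journal gateway socket is given a malformed address, while the scrape address now prefers the IPv6 form whenever it is set (hunk at -80,7), so scrapes would target an address nothing is bound to. Separately, `socketConfig` is still guarded by `lib.optionalAttrs (config.my.ip.tailscale != null)` although `enableHttpGateway` now also turns on for `tailscale6` alone; on a host with only the IPv6 address set, the `""` reset would not be applied and the gateway would presumably keep the unit's default listener instead of being limited to the tailnet address. Using the same condition in both places, `lib.optionalAttrs (config.my.ip.tailscale != null || config.my.ip.tailscale6 != null)`, closes that gap.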
diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index a6b1750fb7..9ff680911e 100644
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@@ -145,6 +145,7 @@ in { }; }; my.ip.tailscale = "100.122.86.11";
+ my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:627a:560b";
 # Virtualisation virtualisation.libvirtd = {